Hello, I'm new in this forum, so I'm sorry if I didn't post my topic right.

So here is the thing. I'm using an Exchange Mail server 2007 with around 100 accounts. Yesterday a couple of accounts received the same message from a different internal user, THAT DOES NOT EXIST, telling them to download a patch file from this site:

It is likely that the message received was forged to look like it was an internal message. Check the headers of the message: does it appear to actually come from the inside, or is there a history of traveling through various SMTP hops in the headers?

It is also likely that the link provided in the email does not actually go to any resource internal to your domain. It looks like a phishing email and a dangerous one.

If this email did not originate from the inside, as I suspect, you can invest in a solid Anti-Spam product that should stop mail with forged headers from coming through.

Agree with ketchup... implement some spam-blocking software and, or if you already have some in place, set it to deny inbound email from your domain name. All of your internal->internal email should remain within your internal environment, there should never be a point where email "from" your domain is coming in from the outside (unless of course you were outsourcing email services).
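The header check and the "deny inbound mail from your own domain" rule suggested in the replies above, as an added Python example that is not part of any poster's message. The domain `corp.example`, the internal range `10.0.0.0/8` and both sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "corp.example"                      # assumed internal mail domain
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address range

# Constructed sample: claims an internal sender but entered through an outside relay.
FORGED = """\
Received: from edge01.corp.example (10.0.0.5) by mbx01.corp.example (10.0.0.20); Tue, 1 Jan 2030 09:00:02 +0000
Received: from mail.sender.invalid (unknown [203.0.113.45]) by edge01.corp.example; Tue, 1 Jan 2030 09:00:01 +0000
From: "IT Support" <it.support@corp.example>
To: user1@corp.example
Subject: Install this patch

Please download the patch.
"""

# Constructed sample: every hop stays inside the assumed internal range.
INTERNAL = """\
Received: from hub01.corp.example (10.0.0.8) by mbx01.corp.example (10.0.0.20); Tue, 1 Jan 2030 09:05:00 +0000
From: Alice <alice@corp.example>
To: user1@corp.example
Subject: Lunch

See you at noon.
"""

def external_hops(raw):
    """Return sending-side IPs from Received headers that lie outside INTERNAL_NETS."""
    found = []
    for hop in message_from_string(raw).get_all("Received", []):
        from_part = " ".join(hop.split()).split(" by ", 1)[0]  # unfold, keep sender side
        for ip in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", from_part):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # looked like an IP but is not a valid one
            if not any(addr in net for net in INTERNAL_NETS):
                found.append(ip)
    return found

def classify(raw):
    """'external', 'internal', or 'spoofed-internal' (internal From, outside hop)."""
    sender = parseaddr(message_from_string(raw)["From"] or "")[1]
    if sender.rpartition("@")[2].lower() != INTERNAL_DOMAIN:
        return "external"
    return "spoofed-internal" if external_hops(raw) else "internal"
```

Only the Received lines stamped by your own servers are trustworthy; a sender can prepend fake ones but cannot remove the hop your edge server records, which is why any outside address on a message with an internal From is treated as a forgery here.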

I know a guy whose company did a phishing exercise. The goal was to see how many people clicked on the link and then educate everyone about phishing.

After the exercise they sent a follow up email telling users what to look for and that they should not have clicked the link in the original email. The original email was at the bottom of the new email.

The result? More people clicked on the link at the bottom of the second email than the original email.

I read in eWeek magazine about a web site that offers a service to send phishing emails and report to you how many users click on the link and how many times, and give you a grade for that person. You can begin to re-train the users, but some of them do not want to be careful.